Skip to content
Enforcement
EN

Scanshare s.r.l.: Insufficient technical and organisational measures to ensure information security

€60,000 fine - Italian Data Protection Authority (Garante)

€60,000 Fine
Scanshare s.r.l.
ITALY
Insufficient technical and organisational measures to ensure information security

Content

According to the data protection authority, personal information about participants in a public competition had been unlawfully disclosed online. The reason for this was that, due to a configuration error, a list of the codes assigned to the candidates was temporarily accessible on the platform, which allowed access to the documents submitted by the candidates with their personal data. This was a violation of the principle of protection of information security for which Scanshare - which was the processor of the data on behalf of the controller 'Azienda Ospedaliera di Rilievo Nazionale 'Antonio Cardarelli'' (a private hospital) - had been fined with EUR 60.000. [Also see the main fine on the hospital!]

GDPR Articles: Art. 5 (1) a) GDPR, Art. 6 GDPR, Art. 9 GDPR, Art. 32 GDPR
Industry: Industry and Commerce